A Performance Analysis of Hardware-assisted Security Technologies

Abstract

Intel Software Guard Extensions (SGX) is a novel hardware-assisted security technology introduced by Intel Corporation. The ambition of Intel SGX is to provide an isolated and secure execution environment for user-space applications: even if the BIOS is compromised, the protected applications remain secure. The isolated execution environment is located in a special memory region called the enclave. Promoting and using a novel technology requires a good understanding of it. This thesis first contains a systematization of knowledge of hardware-assisted security technologies, trusted computing and Intel SGX. Moreover, to use Intel SGX well, we must understand its advantages and limitations, especially its performance cost. This thesis then discusses where the performance overhead of Intel SGX comes from and how to evaluate and avoid it. In the final chapter of the thesis, we demonstrate how to secure a non-trivial application using Intel SGX and present a performance analysis of the protected application.